Privacy advocates hungry for cookies

Security consultant Richard M. Smith said Friday that a feature on browser-based e-mail readers could leave users' privacy exposed through the use of cookies.

Smith and a group of privacy and consumer advocates have called on the Federal Trade Commission to require software companies to develop a fix for the problem, which lets companies slip identifying data in cookies onto and off of users' computers through e-mail messages.

Officials from Microsoft Corp. (Nasdaq: MSFT) said that the company had a "team of engineers" looking into the problem, but had not yet decided on a technological solution. Richard Purcell, chief privacy officer at Microsoft said today that the company was glad the issue had surfaced.

"First of all we'll do everything we can to help users understand how they can control the collection and use of personal information. We believe that there are opportunities for bad uses of good technology," he said. "One reason we're happy that this issue has been brought to our attention is that it helps us determine how to narrow those possibilities down."

So what do consumers do in the meantime?

Junkbusters: Users at risk
Both Internet Explorer and Netscape Communicator allow users to disable cookies. That will prevent an identifier from being sent from their browser. But Junkbusters Corp. President Jason Catlett warned earlier Friday that users remain at risk if a site has already dropped a cookie onto their computer.

In that case, users need to clear their cookies.txt file, he said. Once the file has been deleted or the cookies have been erased, sites will have to place a new cookie to ID a user, and will be blocked.

Of course, deleting all the cookies will also eliminate saved passwords and logins that users may have set up.

Purcell said users may want to review the file and allow sites they trust to retain their cookies.